FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dtc -- multiple vulnerabilities

Affected packages
dtc < 0.32.9

Details

VuXML ID 879b0242-c5b6-11e0-abd1-0017f22d6707
Discovery 2011-03-02
Entry 2011-08-13

Ansgar Burchardt reports:

Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services: The bw_per_month.php graph contains an SQL injection vulnerability; insufficient checks in bw_per_month.php can lead to bandwidth usage information disclosure; after a registration, passwords are sent in cleartext email messages; and authenticated users could delete accounts using an obsolete interface which was incorrectly included in the package.

References

CVE Name CVE-2011-0434
CVE Name CVE-2011-0435
CVE Name CVE-2011-0436
CVE Name CVE-2011-0437
URL http://www.debian.org/security/2011/dsa-2179